% THIS IS SIGPROC-SP.TEX - VERSION 3.1
% WORKS WITH V3.2SP OF ACM_PROC_ARTICLE-SP.CLS
% APRIL 2009
%
% It is an example file showing how to use the 'acm_proc_article-sp.cls' V3.2SP
% LaTeX2e document class file for Conference Proceedings submissions.
% ----------------------------------------------------------------------------------------------------------------
% This .tex file (and associated .cls V3.2SP) *DOES NOT* produce:
%       1) The Permission Statement
%       2) The Conference (location) Info information
%       3) The Copyright Line with ACM data
%       4) Page numbering

% ---------------------------------------------------------------------------------------------------------------
% It is an example which *does* use the .bib file (from which the .bbl file
% is produced).
% REMEMBER HOWEVER: After having produced the .bbl file,
% and prior to final submission,
% you need to 'insert'  your .bbl file into your source .tex file so as to provide
% ONE 'self-contained' source file.
%
% Questions regarding SIGS should be sent to
% Adrienne Griscti ---> griscti@acm.org
%
% Questions/suggestions regarding the guidelines, .tex and .cls files, etc. to
% Gerald Murray ---> murray@hq.acm.org
%
% For tracking purposes - this is V3.1SP - APRIL 2009

\documentclass{acm_proc_article-sp}
\input{macros}
\usepackage{subfloat}

\usepackage{ifpdf}
\usepackage{multicol}
\usepackage{algorithmic}
\usepackage{algorithm}
\usepackage{textcomp}
\usepackage{listings}
\usepackage{graphicx}
\pagenumbering{roman}
\usepackage{textcomp}
\usepackage{fixltx2e}
\usepackage{listings}
\usepackage[table]{xcolor}	
\usepackage[caption=false]{subfig}


%-------------start additional comments from JeeHyun------------
%\newcommand{\FixJeeHyun}[1]{}
%\newcommand{\CommentJeeHyun}[1]{}

\newcommand{\FixJeeHyun}[1]{{\large\textbf{FIXJeeHyun}}\color{red}{#1}\color{black}{}{\large\textbf{FIXJeeHyun}}}
\newcommand{\CommentJeeHyun}[1]{{\large\textbf{COMMENTJeeHyun}}#1{\large\textbf{COMMENTJeeHyun}}}


\newcounter{subsubsubsection}[subsubsection]
\def\subsubsubsectionmark#1{}
\def\thesubsubsubsection {\thesubsubsection
     .\arabic{subsubsubsection}}
\def\subsubsubsection{\@startsection
     {subsubsubsection}{4}{\z@} {-3.25ex plus -1
     ex minus -.2ex}{1.5ex plus .2ex}{\normalsize\bf}}
\def\l@subsubsubsection{\@dottedtocline{4}{8.8em}
     {4.2em}}
\hyphenation{X-ACML}
\begin{document}

\title{Refactoring Access Control Policies for Performance Improvement}

\pagestyle{plain} % No headers, just page numbers
\pagenumbering{arabic} % Roman numerals
\setcounter{page}{1}
%
% You need the command \numberofauthors to handle the 'placement
% and alignment' of the authors beneath the title.
%
% For aesthetic reasons, we recommend 'three authors at a time'
% i.e. three 'name/affiliation blocks' be placed beneath the title.
%
% NOTE: You are NOT restricted in how many 'rows' of
% "name/affiliations" may appear. We just ask that you restrict
% the number of 'columns' to three.
%
% Because of the available 'opening page real-estate'
% we ask you to refrain from putting more than six authors
% (two rows with three columns) beneath the article title.
% More than six makes the first-page appear very cluttered indeed.
%
% Use the \alignauthor commands to handle the names
% and affiliations for an 'aesthetic maximum' of six authors.
% Add names, affiliations, addresses for
% the seventh etc. author(s) as the argument for the
% \additionalauthors command.
% These 'additional authors' will be output/set for you
% without further effort on your part as the last section in
% the body of your article BEFORE References or any Appendices.

%\numberofauthors{5} %  in this sample file, there are a *total*
% of EIGHT authors. SIX appear on the 'first-page' (for formatting
% reasons) and the remaining two appear in the \additionalauthors section.
%

%\numberofauthors{2}
%\author{
%\alignauthor Donia El Kateb, Tejeddine Mouelhi, Yves Le Traon \\
% \affaddr{University of Luxembourg} \\
% \affaddr{6 rue Coudenhove-Kalergi 
%L-1359 Luxembourg } \\
% \email{\{donia.elkateb, tejeddine.mouelh, yves.letraon\}@uni.lu}
%\and
%\alignauthor JeeHyun Hwang, Tao Xie\\
%\affaddr{Dept. of Computer Science, 
%} \\
%\affaddr{North Carolina State University} \\
% \affaddr {Raleigh, NC 27695, U.S.A} \\
% \email{jhwang4@ncsu.edu, xie@csc.ncsu.edu}
%}

 
\numberofauthors{5}
\author{
\alignauthor Donia El Kateb \\
 \affaddr{University of Luxembourg} \\
 \affaddr{6 rue Coudenhove-Kalergi 
L-1359 Luxembourg } \\
 \email{donia.elkateb@uni.lu}
\alignauthor Tejeddine Mouelhi \\
 \affaddr{University of Luxembourg} \\
 \affaddr{6 rue Coudenhove-Kalergi 
L-1359 Luxembourg } \\
 \email{tejeddine.mouelhi@uni.lu}
\alignauthor Yves Le Traon \\
 \affaddr{University of Luxembourg} \\
 \affaddr{6 rue Coudenhove-Kalergi 
L-1359 Luxembourg } \\
 \email{yves.letraon@uni.lu}
\and
\alignauthor JeeHyun Hwang \\
\affaddr{Dept. of Computer Science, 
} \\
\affaddr{North Carolina State University} \\
 \affaddr {Raleigh, NC 27695, U.S.A} \\
 \email{jhwang4@ncsu.edu}
\alignauthor Tao Xie \\
\affaddr{Dept. of Computer Science, 
} \\
\affaddr{North Carolina State University} \\
 \affaddr {Raleigh, NC 27695, U.S.A} \\
 \email{xie@csc.ncsu.edu}
}
 
\maketitle



% There's nothing stopping you putting the seventh, eighth, etc.
% author on the opening page (as the 'third row') but we ask,
% for aesthetic reasons that you place these 'additional authors'
% in the \additional authors block, viz.

% Just remember to make sure that the TOTAL number of authors
% is the number that will appear on the first page PLUS the
% number that will appear in the \additionalauthors section.


\begin{abstract}

In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. 
An access control policy consists of 
rules that specify who have access to resources.
A request is formulated from a component, called a Policy Enforcement Point (PEP). 
Given a request, a Policy Decision Point (PDP) evaluates the request against an access control policy and
returns its access decision (i.e., Permit or Deny) to the PEP.
With the growth of sensitive information for protection in an application,
an access control policy consists of a larger number of rules, which often cause a performance bottleneck.
%Such architectures engender a performance bottleneck due to a large number of rules in a policy, where
%a single PDP evaluates a request against each rule in turn.
 To address this issue, we propose to refactor access control policies for performance improvement
by splitting a policy (handled by a single PDP) into its corresponding multiple policies with a smaller number of rules (handled by multiple PDPs).
We define seven attribute-set-based splitting criteria to facilitate
splitting a policy.
We have conducted an evaluation on three subjects of real-life Java programs, each of which interacts
with access control policies. Our evaluation results show that (1) our approach
preserves the initial architectural model in terms of interaction between the business logic and its corresponding
rules in the policy, and (2) our approach enables to reduce request evaluation time by up to nine times. 
 \end{abstract}

\Comment{
Modern access control architectures tend to separate the business logic from access control policy specification for the sake of easing authorization 
manageability. Thus, request evaluation is processed by a Policy Decision Point (PDP) that encapsulates the access control policy and interacts with the
 business logic through Policy Enforcement Points (PEPs). Such architectures may engender a performance bottleneck due to the number of rules that have to be 
evaluated by a single PDP at decision making time.
In this paper, we propose to optimize the decision-making process by splitting the PDP into smaller decision points. We conducted studies on XACML 
(eXtensible Access Control Markup Language) to identify the best PDP splitting configuration. Our evaluation results show that the best splitting criterion 
is the one that preserves the initial architectural model in terms of interaction between the business logic and the decision engine and enables
 to reduce the time of request evaluation time by up to 9 times.
 }

\keywords{Access Control, Performance, Refactoring,  Policy Enforcement Point, Policy Decision Point, eXtensible Access Control Markup Language}

\Comment{
\keywords{Performance, Optimization, Access Control Policies, PEP, PDP, XACML}} % NOT required for Proceedings



% A category with the (minimum) three required fields
%\category{H.4}{Information Systems Applications}{Miscellaneous}
%A category including the fourth, optional field follows...
%\category{D.2.8}{Software Engineering}{Metrics}[complexity measures, performance measures]

%\terms{Theory}


%\section{Acknowledgments}
%This section is optional; it is a location for you
%to acknowledge grants, funding, editing assistance and
%what have you.  In the present case, for example, the
%authors would like to thank Gerald Murray of ACM for
%his help in codifying this \textit{Author's Guide}
%and the \textbf{.cls} and \textbf{.tex} files that it describes.

%
% The following two commands are all you need in the
% initial runs of your .tex file to
% produce the bibliography for the citations in your paper.


%
% ACM needs 'a single self-contained file'!
%
%APPENDICES are optional
%\balancecolumns
%\appendix
%Appendix A

\input{intro}
\input{background}
\input{approach}
\input{experiment}
\input{related}
\input{conclusion}

\bibliographystyle{abbrv}
\bibliography{sigproc} 
\balancecolumns


%\bibliographystyle{abbrv}
%\bibliography{sigproc} 
% That's all folks!
\end{document}
